BYOD or PSN? Soon you won't have to choose
Carl Jung said difficulties are necessary for health...
If that’s the case, having recently embarked on a large central government IT project, I should be in training for the next Iron Man competition! Irony aside, the difficulties and contradictions my team is having to overcome in order to build an electronic records management system that satisfies people who need to get work done on government’s front lines whilst complying with strict rules of regulatory governance and security is spurring my team on to develop a healthy, flexible and sustainable system. So perhaps Dr Jung had a valid point.
Regular readers of PublicTechnology.net will be familiar with some of the grievances local councils have recently aired about the government PSN (Public Services Network).
http://www.publictechnology.net/news/cabinet-office-admits-psn-mistakes/38043. Just when central government had encouraged many, like the London Borough of Camden, to introduce BYOD (bring your own device) policies to save money and improve staff morale, it later forced them to kill off these policies because they contravened the PSN’s draconian security standards.
With many councils just struggling to keep the lights on in the face of increasingly lean budgets, the last thing they need is more costly and time-consuming red tape. And spare a thought for the overworked call centre staff who have to deal with angry residents who fly off the handle after having navigated automated voice systems only to find out that ‘the computer says no’. However, there’s no denying that data security and privacy are high right now in the public interest and ministers lose serious face when data goes missing on memory sticks, laptops and in dustbins. Government IT leaders appear to be caught between a rock and a hard place.
Fortunately, the UK government has never been better placed to solve the dilemma of security versus pragmatic considerations like accessibility and ease of use. Having initiated the overdue break up the ‘cartel’ of proprietary software vendors and systems integrators, it’s now easier than ever for the public sector to engage smaller, more nimble and open software and service providers that not only can solve problems like this, but can do so without racking up endless license and consulting fees.
To illustrate, the records management system my team is developing for the Department of Business Innovation and Skills (BIS) is comprised entirely of software based on open standards, with Alfresco as the core system. We chose Alfresco for this project because of Alfresco’s Hybrid model where you can run two separate instances simultaneously while keeping your content synchronised. This means for BIS we can segment the records data in such a way so that people working on the front lines with non-sensitive data (the vast majority) outside the PSN, can do this using their own devices, sharing information with other departments and external people. This data is synchronised in the cloud and made available outside the PSN firewall. The sensitive data lives inside the firewall on-premise and can only be accessed by people with the right privileges via authorised equipment. The system prevents the data inside the firewall from being synchronised to the cloud.
The beauty of G-Cloud is that once this two-tier content management system is accredited by Communications-Electronics Security Group (CESG), which we expect to happen in May, we can then make it available to local councils and other government departments who need something similar. All this means is that when it comes to information sharing that they don’t have to make a “Hobson’s Choice” between achieving compliance and reaping the myriad benefits of BYOD. I’d say that’s a healthy situation for government IT in 2014.